Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 588b993d46f69c01…

MALICIOUS

Office (OLE)

Size: 2.04 MB
Created: 2010-03-04 02:24:25
MD5: 00c7a3ff945980eb562f43172f2703da
SHA-1: 6770eba77dba9f17c4668ceef49860929c84e0e1
SHA-256: 588b993d46f69c015bace20dc95899bfe5afd50797f3689e1db5a8c3306e3382
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a legacy Excel formula macro virus, specifically 'Poppy by VicodinES'. While no scripts were extracted, the presence of this marker indicates malicious intent. The document body contains financial and construction cost data, suggesting a lure to trick users into opening or interacting with the malicious content.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.